Now showing items 1-10 of 22
Measuring the Insecurity of Mobile Deep Links of Android
Mobile deep links are URIs that point to specific locations within apps, which are instrumental to web-to-app communications. Existing “scheme URLs” are known to have hijacking vulnerabilities where one app can freely ...
A Static Assurance Analysis of Android Applications
(Department of Computer Science, Virginia Polytechnic Institute & State University, 2013-07-11), TR-13-03
We describe an efficient approach to identify malicious Android applications through specialized static program analysis. Our solution – referred to as user intention program dependence analysis – performs offline analysis ...
Personal Anomaly Detection and Smart-Phone Security
(Virginia Tech, 2010-04-22)
Mobile devices increasingly become the computing platform for networked applications such as Web and email. This development requires strong guarantees on the system integrity and data security of mobile devices against ...
CCS 2017- Women in Cyber Security (CyberW) Workshop
The CyberW workshop is motivated by the significant gender imbalance in all security conferences, in terms of the number of publishing authors, PC members, organizers, and attendees. What causes this gender imbalance remains ...
Data Leak Detection As a Service: Challenges and Solutions
(Department of Computer Science, Virginia Polytechnic Institute & State University, 2012), TR-12-10
We describe a network-based data-leak detection (DLD) technique, the main feature of which is that the detection does not require the data owner to reveal the content of the sensitive data. Instead, only a small amount of ...
Fast Detection of Transformed Data Leaks
(Ieee-Inst Electrical Electronics Engineers Inc, 2016-03-01)
Identifying Native Applications with High Assurance
(Department of Computer Science, Virginia Polytechnic Institute & State University, 2011), TR-11-20
The work described in this paper investigates the problem of identifying and deterring stealthy malicious processes on a host. We point out the lack of strong application iden- tication in main stream operating systems. ...
Process Authentication for High System Assurance
(IEEE Computer Society, 2013-07-11)
This paper points out the need in modern operating system kernels for a process authentication mechanism, where a process of a user-level application proves its identity to the kernel. Process authentication is different ...
Secure Coding Practices in Java: Challenges and Vulnerabilities
(Virginia Tech, 2017-09-28)
Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities ...
Rapid Screening of Transformed Data Leaks with Efficient Algorithms and Parallel Computing
The leak of sensitive data on computer systems poses a serious threat to organizational security. Organizations need to identify the exposure of sensitive data by screening the content in storage and transmission, i.e., ...